Hey guys, I am trying to figure out a way to time out a variable if it goes past X time trying to get contents. This is based on touching a server to verify it has SSL. If the server doesn't respond in X seconds, I would like to just set the variable as empty (or set some other flag if possible).
What I am using is
response=$(echo ^D |openssl s_client -connect ${line}:443 2> /dev/null |openssl x509 -noout -hash |grep -E '^[[:xdigit:]]{8}')
where $line is baidu.com for now
I tried something like this
( cmdpid=$BASHPID;
( sleep 10; kill $cmdpid; echo -e "\n\t$line missed window, terminating...\n"
) & exec response=$(echo ^D |openssl s_client -connect ${line}:443 2> /dev/null |openssl x509 -noout -hash |grep -E '^[[:xdigit:]]{8}')
)
But realized several issues, such as A) I am in a subshell and cannot get my variable out, B) I am trying to run response=#hash and returning errors etc
What would the best way to run a timeout on capturing my variable?
Thanks
IFS= read -t 10 -d '' variable < <(yourcommand)
e.g.
IFS= read -t 10 -d '' response < <(echo ^D |openssl s_client -connect ${line}:443 2> /dev/null |openssl x509 -noout -hash |grep -E '^[[:xdigit:]]{8}')
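An added example, not part of the original answer: read -t stops waiting after the limit, but the command behind the process substitution keeps running, and the caller has to inspect read's exit status to tell a timeout from normal completion. The sketch below instead uses coreutils timeout to kill the command and sets a flag; the names capture_with_timeout, cert_hash, CAPTURED and TIMED_OUT are assumptions made for illustration.

```bash
# capture_with_timeout SECONDS CMD [ARGS...]
# Runs CMD, killing it after SECONDS. The result lands in variables of the
# calling shell, so nothing is lost in a subshell.
# Sets: CAPTURED (stdout, emptied on timeout), TIMED_OUT (1 or 0).
# Returns CMD's exit status, or 124 when the time limit was hit.
capture_with_timeout() {
  local limit=$1 rc
  shift
  CAPTURED=$(timeout "$limit" "$@" 2>/dev/null)
  rc=$?
  TIMED_OUT=0
  if [ "$rc" -eq 124 ]; then   # 124 is timeout(1)'s "time limit hit" status
    TIMED_OUT=1
    CAPTURED=""
  fi
  return "$rc"
}

# The check from the question: TLS handshake, then the certificate hash.
# Only the network-facing stage needs the time limit. stdin comes from
# /dev/null so s_client exits as soon as the handshake is done.
cert_hash() {
  local host=$1 limit=${2:-10}
  capture_with_timeout "$limit" openssl s_client -connect "${host}:443" \
      -servername "$host" </dev/null || return
  CAPTURED=$(printf '%s\n' "$CAPTURED" | openssl x509 -noout -hash 2>/dev/null)
}
```

After cert_hash "$line" 10, test TIMED_OUT first; an empty CAPTURED with TIMED_OUT=0 means the server answered but no certificate could be parsed.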
Related
I have a bash script to dump MySQL, make a tar and protect it with openssl
tar -cf ${DB}_${DATE}.tar *.sql | openssl enc -aes-256-cbc -pbkdf2 -e > ${DB}_${DATE}.tar.gz.enc > /dev/null 2>&1
but my bash script will stop because it asks for a password
How can I fill in the passwords in the bash script?
As the manual tells you, -pass source specifies a location from which openssl will read the password to use.
Assuming this is a bash script instead of a sh script, you can use process substitution:
# -f - writes the archive to stdout so the pipe into openssl receives it
tar -czf - *.sql |
openssl enc -aes-256-cbc -pbkdf2 -e -pass file:<(echo "password") \
>"${DB}_${DATE}.tar.gz.enc" 2>/dev/null
Note that redirecting stderr to /dev/null is a bad idea -- I'm doing it because it's what your original code did, but it makes it impossible to troubleshoot failures.
I'm trying to follow this answer, which suggests running this command:
sudo bash -c "echo -n | openssl s_client -showcerts -connect $hostname:$port -servername $hostname \
2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
>> $trust_cert_file_location"
But I'm getting:
syntax error near unexpected token `newline'
Now, I've figured out that it's probably because of either the > or >> operators in the command. I've found answers saying to escape such characters with quotes, but they all talk about cases when the '>' characters are a part of a simple text. What to do when it's an actual operator like in my case?
Assuming you are copying some whitespace after the \.
Suggesting to remove the new line separator:
sudo bash -c "echo -n | openssl s_client -showcerts -connect $hostname:$port -servername $hostname 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $trust_cert_file_location"
Suggesting to test if you get all certificates or just the first one.
I want to create a bash script that takes url as an argument.
for ex: ./scriptname https://domainame.com/
The current one works with domainname.com but not with the full URL.
I get this error when I try to enter the full URL,
unable to load certificate
140398535546784:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
This is the one I currently have,
#!/bin/bash
echo | openssl s_client -connect $1:443 2> /dev/null | \
openssl x509 -noout -enddate | \
cut -d = -f 2
A quick fix is to cut the parts of protocol and path out of the url
#!/bin/bash
NoProtocol="${1//https:\/\//}"
DomainOnly="${NoProtocol%%/*}"

echo | openssl s_client -connect ${DomainOnly}:443 2> /dev/null | \
openssl x509 -noout -enddate | \
cut -d = -f 2
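An added example (not the answerer's code) that goes beyond the quick fix: it also handles other schemes, an explicit port, userinfo and query strings, and it refuses anything that is not a plain hostname before the value reaches openssl s_client -connect. The function names url_to_hostport and cert_enddate are assumptions for illustration.

```bash
# url_to_hostport URL -> prints "host:port", or returns 1 when the input
# does not reduce to a plain DNS name and a valid port (IPv6 literals are
# rejected too). Port defaults to 443.
url_to_hostport() {
  local rest=$1 host port=443
  # Strip a scheme only when it sits at the very start of the string.
  if [[ $rest =~ ^[A-Za-z][A-Za-z0-9+.-]*:// ]]; then
    rest=${rest#*://}
  fi
  rest=${rest%%[/?#]*}     # drop path, query string and fragment
  rest=${rest##*@}         # drop userinfo (user:password@)
  host=${rest%%:*}
  if [[ $rest == *:* ]]; then
    port=${rest##*:}
  fi
  host=${host,,}           # DNS names are case-insensitive
  # Letters, digits, dots and hyphens only, and no leading hyphen, so the
  # value can never be parsed by openssl as an option.
  [[ $host =~ ^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$ ]] || return 1
  [[ $port =~ ^[0-9]{1,5}$ ]] || return 1
  port=$((10#$port))       # force base 10 so "0443" is not read as octal
  (( port >= 1 && port <= 65535 )) || return 1
  printf '%s:%s\n' "$host" "$port"
}

# Expiry date of the certificate served at URL (needs network access).
cert_enddate() {
  local target
  target=$(url_to_hostport "$1") || { echo "bad URL: $1" >&2; return 2; }
  openssl s_client -connect "$target" -servername "${target%:*}" \
      </dev/null 2>/dev/null |
    openssl x509 -noout -enddate |
    cut -d = -f 2
}
```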
The following works in bash (/bin/bash):
Code:
echo "U2FsdGVkX198UexvhHEtfC7iLbT3awAfla77fvSjZQJ0LC4GmDMeLOghPWXpyy6e" | openssl aes-128-cbc -a -d -salt -pass file:<( echo -n "toy" )
Fri Sep 15 15:20:01 PDT 2017
But fails when run in sh (/bin/sh):
Code:
echo "U2FsdGVkX198UexvhHEtfC7iLbT3awAfla77fvSjZQJ0LC4GmDMeLOghPWXpyy6e" | openssl aes-128-cbc -a -d -salt -pass file:<( echo -n "toy" )
sh: 15: Syntax error: "(" unexpected
Is there a way around this?
As you can see here, I'm using a named pipe for the password and I'd like to continue doing that. I just need this (or a very close variation of it) to work in /bin/sh.
OS: All Unix flavors.
You can use a named pipe explicitly:
mkfifo passwd
printf '%s' "toy" > passwd &
echo "U2FsdGVkX198UexvhHEtfC7iLbT3awAfla77fvSjZQJ0LC4GmDMeLOghPWXpyy6e" |
openssl aes-128-cbc -a -d -salt -pass file:passwd
rm passwd
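The same named-pipe approach as an added example (not the answerer's code): the FIFO lives in a private temporary directory with owner-only permissions, and it is removed even when openssl fails or never opens it. decrypt_with_fifo is a hypothetical name and mktemp is assumed to be installed; the syntax is POSIX sh only, so it also runs under /bin/sh.

```bash
# decrypt_with_fifo PASSWORD   (ciphertext on stdin, plaintext on stdout)
# The ( ) body runs in a subshell, so umask and the traps stay local.
decrypt_with_fifo() (
  umask 077                      # directory and FIFO readable by owner only
  dir=$(mktemp -d "${TMPDIR:-/tmp}/pw.XXXXXX") || exit 1
  trap 'rm -rf "$dir"' EXIT      # cleanup on every exit path
  trap 'exit 1' HUP INT TERM     # turn signals into a normal exit
  mkfifo "$dir/pass" || exit 1

  # printf is a shell builtin, so the password is not placed on another
  # process's command line. The writer blocks until the FIFO is opened.
  printf '%s' "$1" > "$dir/pass" &
  writer=$!

  rc=0
  openssl aes-128-cbc -a -d -salt -pass "file:$dir/pass" || rc=$?

  # If openssl exited before opening the FIFO the writer is still blocked:
  # stop it and reap it so no stray process is left behind.
  kill "$writer" 2>/dev/null || true
  wait "$writer" 2>/dev/null || true
  exit "$rc"
)
```

Call it as: echo "$ciphertext" | decrypt_with_fifo "$password"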
I have the following command.
openssl s_client -connect my.site.com:443
This connects, so then I type the following:
GET /ws/map/v1/search.wsdl HTTP/1.1
Host: my.site.com
This returns the xml I'm looking for from the wsdl.
However, I'm finding it hard to script it to run as one job.
#!/bin/bash
echo 'openssl s_client -connect my.site.com:443'
echo 'GET /ws/map/v1/search.wsdl HTTP/1.1
Host: my.site.com'
while read x
do
echo "$x"
done
Is there something I'm missing here when trying to send this command to the ssl console, and have it read to a var that I can work with??
Thanks much!
Ben
okay, so now I have script 1 which has the following.
#!/bin/bash
openssl s_client -connect my.site.com:443
and script 2 does
#!/bin/bash
echo 'GET /ws/map/v1/search.wsdl HTTP/1.1'
echo 'Host: my.site.com'
while read x
do
echo "$x"
done
and when I type
script1.sh | script2.sh
and I get : bad interpreter: A file or directory in the path name does not exist.
any ideas?
Got it!
:)
echo -e "GET /ws/map/v1/search.wsdl HTTP/1.1\nHost: my.site.com\n\n" | openssl s_client -connect my.site.com:443 -ign_eof
Really hope this helps someone going forward.